
change refresh token RequestHeader->RequestParam

change LoginTokenRefreshPoint -> AuthTokenRefreshPoint
change refresh token RequestHeader->RequestParam
log details
MaxKey 2 years ago
parent
commit
bf2401ac7d

+ 1 - 1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthRefreshTokenService.java

@@ -42,7 +42,7 @@ public class AuthRefreshTokenService extends AuthJwtService{
 	 * @return
 	 */
 	public String genRefreshToken(Authentication authentication) {
-		_logger.trace("gen Refresh Token");
+		_logger.trace("generate Refresh JWT Token");
 		return genJwt( 
 				 authentication,
 				 authJwkConfig.getIssuer(),

+ 1 - 0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthTokenService.java

@@ -66,6 +66,7 @@ public class AuthTokenService  extends AuthJwtService{
 	public AuthJwt genAuthJwt(Authentication authentication) {
 		if(authentication != null) {
 			String refreshToken = refreshTokenService.genRefreshToken(authentication);
+			_logger.trace("generate JWT Token");
 			String accessToken = genJwt(authentication);
 			AuthJwt authJwt = new AuthJwt(
 						accessToken,

+ 9 - 5
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/LoginTokenRefreshPoint.java → maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthTokenRefreshPoint.java

@@ -17,6 +17,8 @@
 
 package org.maxkey.authn.web;
 
+import javax.servlet.http.HttpServletRequest;
+
 import org.maxkey.authn.jwt.AuthJwt;
 import org.maxkey.authn.jwt.AuthRefreshTokenService;
 import org.maxkey.authn.jwt.AuthTokenService;
@@ -24,6 +26,7 @@ import org.maxkey.authn.session.Session;
 import org.maxkey.authn.session.SessionManager;
 import org.maxkey.entity.Message;
 import org.maxkey.util.StringUtils;
+import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -31,13 +34,13 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
 @Controller
 @RequestMapping(value = "/auth")
-public class LoginTokenRefreshPoint {
-	private static final  Logger _logger = LoggerFactory.getLogger(LoginTokenRefreshPoint.class);
+public class AuthTokenRefreshPoint {
+	private static final  Logger _logger = LoggerFactory.getLogger(AuthTokenRefreshPoint.class);
 	
 	@Autowired
 	AuthTokenService authTokenService;
@@ -49,10 +52,11 @@ public class LoginTokenRefreshPoint {
 	SessionManager sessionManager;
 	
  	@RequestMapping(value={"/token/refresh"}, produces = {MediaType.APPLICATION_JSON_VALUE})
-	public ResponseEntity<?> refresh(
-					@RequestHeader(name = "refresh_token", required = false) String refreshToken) {
+	public ResponseEntity<?> refresh(HttpServletRequest request,
+			@RequestParam(name = "refresh_token", required = false) String refreshToken) {
  		_logger.debug("try to refresh token " );
  		_logger.trace("refresh token {} " , refreshToken);
+ 		if(_logger.isTraceEnabled()) {WebContext.printRequest(request);}
  		try {
 	 		if(StringUtils.isNotBlank(refreshToken) 
 	 				&& refreshTokenService.validateJwtToken(refreshToken)) {
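Review bot: With `@RequestParam` and no `method` on the `/token/refresh` mapping, `refresh` will accept the refresh token from a GET query string, where it can end up in access logs, proxy logs and browser history. Restricting the mapping to POST, e.g. `@RequestMapping(value={"/token/refresh"}, method = RequestMethod.POST, produces = {MediaType.APPLICATION_JSON_VALUE})` (plus the `RequestMethod` import), and having clients send the value in a form body keeps it out of the URL. The unchanged `_logger.trace("refresh token {} " , refreshToken);` and the added `WebContext.printRequest(request)` both write the full token to the log when trace is on; logging only whether a token was present would be enough for debugging. The body of `refresh` continues past the end of this hunk.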

+ 1 - 1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java

@@ -63,7 +63,7 @@ public class PermissionInterceptor  implements AsyncHandlerInterceptor  {
 		 SignPrincipal principal = AuthorizationUtils.getPrincipal();
 		//判断用户是否登录,判断用户是否登录用户
 		if(principal == null){
-			_logger.trace("No Authentication ... forward to /auth/entrypoint");
+			_logger.trace("No Authentication ... forward to /auth/entrypoint , request URI " + request.getRequestURI());
 			RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint");
 		    dispatcher.forward(request, response);
 		    return false;
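Review bot: The new trace call builds its message by concatenation, `"... request URI " + request.getRequestURI()`, so the string is assembled even when trace is off and the client-supplied URI is spliced directly into the message text. The other logging calls in this commit use placeholders; the same form here would be `_logger.trace("No Authentication ... forward to /auth/entrypoint , request URI {}", request.getRequestURI());`. The enclosing method starts and ends outside this hunk.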

+ 18 - 20
maxkey-core/src/main/java/org/maxkey/web/WebContext.java

@@ -237,26 +237,24 @@ public final class WebContext {
      * @param request
      */
     public static void printRequest(final HttpServletRequest request) {
-    	if(_logger.isTraceEnabled()) {
-    		_logger.trace("getContextPath : {}"  , request.getContextPath());
-	    	_logger.trace("getRequestURL : {} " , request.getRequestURL());
-			_logger.trace("URL : {}" , request.getRequestURI().substring(request.getContextPath().length()));
-	    	_logger.trace("getMethod : {} " , request.getMethod());
-	    	
-	        Enumeration<String> headerNames = request.getHeaderNames();
-	        while (headerNames.hasMoreElements()) {
-	          String key = (String) headerNames.nextElement();
-	          String value = request.getHeader(key);
-	          _logger.trace("Header key {} , value {}" , key, value);
-	        }
-	        
-	        Enumeration<String> parameterNames = request.getParameterNames();
-	        while (parameterNames.hasMoreElements()) {
-	          String key = (String) parameterNames.nextElement();
-	          String value = request.getParameter(key);
-	          _logger.trace("Parameter {} , value {}",key , value);
-	        }
-    	}
+		_logger.info("getContextPath : {}"  , request.getContextPath());
+    	_logger.info("getRequestURL : {} " , request.getRequestURL());
+		_logger.info("URL : {}" , request.getRequestURI().substring(request.getContextPath().length()));
+    	_logger.info("getMethod : {} " , request.getMethod());
+    	
+        Enumeration<String> headerNames = request.getHeaderNames();
+        while (headerNames.hasMoreElements()) {
+          String key = (String) headerNames.nextElement();
+          String value = request.getHeader(key);
+          _logger.info("Header key {} , value {}" , key, value);
+        }
+        
+        Enumeration<String> parameterNames = request.getParameterNames();
+        while (parameterNames.hasMoreElements()) {
+          String key = (String) parameterNames.nextElement();
+          String value = request.getParameter(key);
+          _logger.info("Parameter {} , value {}",key , value);
+        }
     }
 
     /**
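Review bot: `printRequest` now writes every header and parameter value at INFO and no longer checks the log level itself, so any caller that lacks the `isTraceEnabled()` wrapper puts `Authorization` and `Cookie` headers, login form fields and the `refresh_token` parameter into the normal application log. The three call sites touched in this commit (AuthTokenRefreshPoint, WebInstRequestFilter, WebXssRequestFilter) add that wrapper, but callers outside this diff are not visible here. Keeping a guard inside the method, `if(!_logger.isTraceEnabled()) {return;}` as its first statement, would make the safe behaviour independent of the caller, and the two loops should print a fixed mask instead of the value for credential-bearing names. The Javadoc above the method is cut off at the top of the hunk; it would be worth stating there that the output contains secrets and is meant for trace-level diagnostics only.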

+ 1 - 1
maxkey-core/src/main/java/org/maxkey/web/WebInstRequestFilter.java

@@ -53,7 +53,7 @@ public class WebInstRequestFilter  extends GenericFilterBean {
 		HttpServletRequest request= ((HttpServletRequest)servletRequest);
 		
 		if(request.getSession().getAttribute(WebConstants.CURRENT_INST) == null) {
-			WebContext.printRequest(request);
+			if(_logger.isTraceEnabled()) {WebContext.printRequest(request);}
 			String host = request.getHeader(HEADER_HOSTNAME);
 			_logger.trace("hostname {}",host);
 			if(StringUtils.isEmpty(host)) {

+ 1 - 1
maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java

@@ -72,7 +72,7 @@ public class WebXssRequestFilter  extends GenericFilterBean {
 		_logger.trace("WebXssRequestFilter");
 		boolean isWebXss = false;
 		HttpServletRequest request= ((HttpServletRequest)servletRequest);
-		
+		if(_logger.isTraceEnabled()) {WebContext.printRequest(request);}
 		if(skipUrlMap.containsKey(request.getRequestURI().substring(request.getContextPath().length()))) {
 			isWebXss = false;
 		}else {

BIN
maxkey-lib/mybatis-jpa-extra-2.7.jar


+ 1 - 1
maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts

@@ -107,7 +107,7 @@ export class DefaultInterceptor implements HttpInterceptor {
    */
   private refreshTokenRequest(): Observable<any> {
     const model = this.tokenSrv.get();
-    return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } });
+    return this.http.post(`/auth/token/refresh`, null, { refresh_token: model?.['refresh_token'] || '' });
   }
 
   // #region 刷新Token方式一:使用 401 重新刷新 Token
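Review bot: The refresh token moves from a request header into what appears to be the query-parameter argument of `this.http.post` (the removed call passed `null` in that position and the headers as a fourth argument), so it would travel in the URL of `/auth/token/refresh`. URLs are commonly recorded by web servers, proxies and monitoring tools, whereas request bodies usually are not. If the type of `this.http` allows it, sending the value as a form-encoded body instead keeps it out of the URL while still binding to the server's `@RequestParam`. The identical change in maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts has the same issue.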

+ 1 - 1
maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts

@@ -107,7 +107,7 @@ export class DefaultInterceptor implements HttpInterceptor {
    */
   private refreshTokenRequest(): Observable<any> {
     const model = this.tokenSrv.get();
-    return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } });
+    return this.http.post(`/auth/token/refresh`, null, { refresh_token: model?.['refresh_token'] || '' });
   }
 
   // #region 刷新Token方式一:使用 401 重新刷新 Token